Research labs across the world are working towards creating “securitized hardware”: new technologies that will enable chip designers to safeguard hardware against all known classes of software-exploitable vulnerabilities, such as memory errors, information leakage, and code injection. The efforts are being funded by the DARPA SSITH program.
We are kicking off public red teaming on alpha, proof-of-concept hardware at DEF CON in 2019. We invite hacking experts across the world to join us in red-teaming the hardware as it is being developed throughout the multi-year effort.
DEF CON VOTING VILLAGE
We kicked off the public demonstration of SSITH secure processors at DEF CON in 2019. The kick-off was made possible by the generous support of the Voting Village and their offer to use the space available to them. For updates and news, follow the Voting Village here
The public repositories with all relevant materials can be found here:
Government-Furnished Equipment (GFE)
The secure hardware work is funded by
DARPA’s SSITH program:
System Security Integration Through Hardware and Firmware
The demonstrator is part of the effort to
evaluate hardware security properties:
Balancing Evaluation of System Security Properties with Industrial Needs
The description of the aspirations of the demonstrator can be found here:
SSITH Secure Hardware Demo
We aim to make demonstrators available
A Configurable, Affordable System-on-Chip for Analysis and Demonstration of Election Security
Red teaming: What can I do at DEF CON?
To do security testing of the new securitized hardware, you can come to the Voting Village and get to work on the hardware that we’ve provided, with in-person support from several members of our team.
You can start with a system that runs conventional RISC-V hardware, a real-time OS, and demonstration software that implements part of a voting system. We’ve made it easy for you see how vulnerable this conventional system is, with packaged exploits that break the system’s essential ballot handling functions. You can find the exploits in our public repo, along with the demo software source code, along with everything needed to build the full system. You can re-create these exploits, and use them to create new exploits of your own.
Then you can move on to either of two systems running securitized RISC-V hardware. One is running the demo voting system software that’s built to repel the kinds of attacks that work on the conventional system. Another is running an even simpler set of demo software, designed for very quick analysis and attack design. Any exploits that you develop — for either the conventional or securitized systems — you can submit to our project via the public github repo, which has a section specifically for this purpose. Your work, attributed to you, will help expand the baseline of malware that this future hardware is being developed to protect against.
To get ready, start with the README in the repo: